diff options
| author | Alois Wohlschlager <alois1@gmx-topmail.de> | 2024-06-29 20:23:17 +0200 |
|---|---|---|
| committer | Alois Wohlschlager <alois1@gmx-topmail.de> | 2024-06-30 19:28:14 +0200 |
| commit | a55112898e23df10a7a0d2a0cd359996100e3512 (patch) | |
| tree | fbd58bf13294d34b780dacb3404a077718052c4c /src/libexpr/flake | |
| parent | 5dc85e8b72d1ba433f69200537146275ff1c4a03 (diff) | |
libexpr/flake: allow automatic rejection of configuration options from flakes
The `allow-flake-configuration` option allows the user to control whether to
accept configuration options supplied by flakes. Unfortunately, setting this
to false really meant "ask each time" (with an option to remember the choice
for each specific option encountered). Let no mean no, and introduce (and
default to) a separate value for the "ask each time" behaviour.
Co-Authored-By: Jade Lovelace <lix@jade.fyi>
Change-Id: I7ccd67a95bfc92cffc1ebdc972d243f5191cc1b4
Diffstat (limited to 'src/libexpr/flake')
| -rw-r--r-- | src/libexpr/flake/config.cc | 54 |
1 files changed, 35 insertions, 19 deletions
diff --git a/src/libexpr/flake/config.cc b/src/libexpr/flake/config.cc index b330d96f9..adcf7fd10 100644 --- a/src/libexpr/flake/config.cc +++ b/src/libexpr/flake/config.cc @@ -51,30 +51,46 @@ void ConfigFile::apply() else assert(false); - if (!whitelist.count(baseName) && !nix::fetchSettings.acceptFlakeConfig) { - bool trusted = false; - auto trustedList = readTrustedList(); - auto tlname = get(trustedList, name); - if (auto saved = tlname ? get(*tlname, valueS) : nullptr) { - trusted = *saved; - printInfo("Using saved setting for '%s = %s' from ~/.local/share/nix/trusted-settings.json.", name, valueS); - } else { - // FIXME: filter ANSI escapes, newlines, \r, etc. - if (std::tolower(logger->ask(fmt("do you want to allow configuration setting '%s' to be set to '" ANSI_RED "%s" ANSI_NORMAL "' (y/N)?", name, valueS)).value_or('n')) == 'y') { - trusted = true; - } - if (std::tolower(logger->ask(fmt("do you want to permanently mark this value as %s (y/N)?", trusted ? "trusted": "untrusted" )).value_or('n')) == 'y') { - trustedList[name][valueS] = trusted; - writeTrustedList(trustedList); + bool trusted = whitelist.count(baseName); + if (!trusted) { + switch (nix::fetchSettings.acceptFlakeConfig) { + case AcceptFlakeConfig::True: { + trusted = true; + break; + } + case AcceptFlakeConfig::Ask: { + auto trustedList = readTrustedList(); + auto tlname = get(trustedList, name); + if (auto saved = tlname ? get(*tlname, valueS) : nullptr) { + trusted = *saved; + printInfo("Using saved setting for '%s = %s' from ~/.local/share/nix/trusted-settings.json.", name, valueS); + } else { + // FIXME: filter ANSI escapes, newlines, \r, etc. + if (std::tolower(logger->ask(fmt("Do you want to allow configuration setting '%s' to be set to '" ANSI_RED "%s" ANSI_NORMAL "' (y/N)? This may allow the flake to gain root, see the nix.conf manual page.", name, valueS)).value_or('n')) == 'y') { + trusted = true; + } else { + warn("you can set '%s' to '%b' to automatically reject configuration options supplied by flakes", "accept-flake-config", false); + } + if (std::tolower(logger->ask(fmt("do you want to permanently mark this value as %s (y/N)?", trusted ? "trusted": "untrusted" )).value_or('n')) == 'y') { + trustedList[name][valueS] = trusted; + writeTrustedList(trustedList); + } } + break; } - if (!trusted) { - warn("ignoring untrusted flake configuration setting '%s'.\nPass '%s' to trust it", name, "--accept-flake-config"); - continue; + case nix::AcceptFlakeConfig::False: { + trusted = false; + break; + }; } } - globalConfig.set(name, valueS); + if (trusted) { + debug("accepting trusted flake configuration setting '%s'", name); + globalConfig.set(name, valueS); + } else { + warn("ignoring untrusted flake configuration setting '%s', pass '%s' to trust it (may allow the flake to gain root, see the nix.conf manual page)", name, "--accept-flake-config"); + } } } |